Univention Bugzilla – Bug 54791
School replica join: 97univention-s4-connector.inst DNS configuration times out in big environments
Last modified: 2024-02-23 13:26:55 CET
At a school customer, with ~150.000 users, we've seen the following error pretty often during the join of a new school replica server: Wait for bind9: .Restarting bind9 (via systemctl): bind9.service. Restarting samba-ad-dc (via systemctl): samba-ad-dc.service. ....................................................................................................Restarting bind9 (via systemctl): bind9.service. ....................................................................................................Restarting bind9 (via systemctl): bind9.service. See "systemctl status bind9.service" and "journalctl -xe" for details. failed! ************************************************************** * ERROR: Failed to configure Samba4 as backend for bind. * * Please check the samba and the s4-connector logfile.* ************************************************************** This happened, because during the join thousands of objects have been created in UCS and have been added as pickle files for the s4connector. When starting the s4connector during the join, all those files are then processed in order of creation. Oftentimes, the DNS zones necessary for this joinscript are not synced before the timeout of ~20 minutes is reached. The customer then has to wait until the zone is synced and restart the join. It would be good if we could sync the objects needed for the join to complete earlier than the other less important objects.
Addressing Bug 49442 could help too but may not be enough.
Package: univention-squid-kerberos Version: 9.0.0-2A~5.0.0.202208021733 Branch: ucs_5.0-0 Scope: errata5.0-2 Package: univention-s4-connector Version: 14.0.10-3A~5.0.0.202208021732 Branch: ucs_5.0-0 Scope: errata5.0-2 Package: univention-samba4 Version: 9.0.8-4A~5.0.0.202208021731 Branch: ucs_5.0-0 Scope: errata5.0-2 32823a5d39 Bug #54791: yaml 37713fbfbd Bug #54791: CHangelog b9a44f98b7 Bug #54791: cfg for testing 59d3076b98 Bug #54791: schoolserver join often fails in big environments resync_object_from_ucs.py has been modified to have the new flag --first, which resyncs an object and gives the newly created pickle file a negative timestamp as its name. Because of this, objects can be put to the beginning of the queue. The Joinscripts 97univention-s4-connector 98univention-samba4-dn and 98univention-squid-samba4 have been modified to use this flag.
82bdfddeda | Advisory markup bb970f8ee6 | Advisory wording 730d6cf240 | Cleanup: Adjust spacing in help message Verified: * Code review * Test run with the new cfg scenario * Test of file ordering with locale/default='en_US.UTF-8:UTF-8' and locale/default='de_DE.UTF-8:UTF-8' * Package update * Advisories
<https://errata.software-univention.de/#/?erratum=5.0x380> <https://errata.software-univention.de/#/?erratum=5.0x381> <https://errata.software-univention.de/#/?erratum=5.0x382>